On Tue, Feb 02, 2021 at 10:50:39PM +0100, Stefan Sperling wrote:
The idea of protecting key disks with a passphrase (two-factor auth) has
been raised before. It has not been implemented yet, simply because nobody
has done the work. A search of the mailing list archives should yield
some prior dis
On Wed, Aug 26, 2020 at 05:44:12PM -0700, Constantine A. Murenin wrote:
Why OpenBSD is to blame when Gmail -- after so many years -- still
doesn't have proper support for sending text-based attachments the
right way?
Because large corporations are always right, and the idea is to bend the
wor
"Linux kernel development which is driven by plain-text email
discussion needs better or alternative collaborative tooling "to bring
in new contributors and maintain and sustain Linux in the future," says
Sarah Novotny, Microsoft's representative on the Linux Foundation board.
Said tooling c
On Thu, May 28, 2020 at 01:27:15PM +0200, infoomatic wrote:
I just don't get it why some people put so much energy into bashing a
free product instead of just ignoring it if they really hate it. The
time would have been better spent on supporting/improving OpenBSD or
another project.
OpenBSD ha
On Wed, May 20, 2020 at 02:07:27PM -0400, Chris Bennett wrote:
Please don't beg for features.
That's very irritating and wastes everyone's time.
Please don't ask for features, once again.
Really, I mean it. Don't ask for features!
How about a counterpart to `sendbug` called `requestfeature`, w
On Mon, May 18, 2020 at 11:10:59AM -0600, Theo de Raadt wrote:
People too young to have grown up with Unix need this sort of
documentation. We can't live on man pages alone.
YES WE CAN.
Proposed release poster design:
Puffy with puffed out cheeks & paper sticking out of his mouth.
Headline
On Wed, Mar 25, 2020 at 09:28:52PM -0400, Demi M. Obenour wrote:
I am working on an OpenBSD-based QubesOS TemplateVM, and have run
into a few problems.
I don't have answers to your questions, but that sounds like an
amazingly good and useful project and I wish you all the best in making
it ha
On Tue, Mar 03, 2020 at 10:15:31AM -, Stuart Henderson wrote:
On 2020-03-02, Peter N. M. Hansteen wrote:
I was thinking of the probably quite unlikely event that somebody who wants this
comes up with an actually reproducible way that could be turned into an otherwise
unremarkable make targ
On Fri, Feb 28, 2020 at 07:24:50AM +0100, Ingo Schwarze wrote:
Hi Frank,
Frank Beuth wrote on Fri, Feb 28, 2020 at 04:22:27AM +:
Is the web documentation (FAQ etc) included in the base system by
default anywhere,
No it isn't.
I offered some years ago to translate the FAQ from HT
Is the web documentation (FAQ etc) included in the base system by
default anywhere, or do we have to pull it from CVS manually?
On Mon, Feb 24, 2020 at 03:22:28PM +0100, Julius Zint wrote:
boot(8) supports the machine specific command "tpm". This allows a
user to:
1: read the current contents of the Platform Control Registers (PCR)
with the "pcr" parameter
machine tpm p[cr]
2: seal a user supplied secret to the cur
On Tue, Feb 18, 2020 at 08:05:29AM +0100, Paul de Weerd wrote:
On Tue, Feb 18, 2020 at 05:12:25AM +, Frank Beuth wrote:
| Yes, it's a cool way to combine things to get unexpected functionality.
| I haven't dug into the bootloader much... is there a reasonably easy way
| to get the
On Mon, Feb 17, 2020 at 06:44:25PM +0100, Paul de Weerd wrote:
On Mon, Feb 17, 2020 at 01:35:38PM +, Frank Beuth wrote:
| > | This way the evil maid would have nothing to tamper with.
| >
| > Note that with this approach, a default OpenBSD install to your
| > machine will sti
On Mon, Feb 17, 2020 at 04:09:57PM +0100, Julius Zint wrote:
I'm not really in a position to reflash my machine but I would still be
curious for details.
There is no need to reflash your firmware if the system has an integrated
and supported TPM 1.2 chip.
The prototype uses a Static Root of T
On Mon, Feb 17, 2020 at 11:56:24AM +0100, Paul de Weerd wrote:
But you can already do this. If your machine supports booting from
USB, you can do a minimal install to a USB stick (using FDE, if you
want). Now you have a portable OpenBSD environment you can boot on
any system capable of booting
On Mon, Feb 17, 2020 at 11:13:27AM +0100, Julius Zint wrote:
I recently finished my master's thesis that solves this problem by including
the Trusted Platform Module (TPM) in the boot process of OpenBSD.
It extends the Chain of Trust up to boot(8) and allows you to seal a
secret of your choice to th
On Sat, Feb 15, 2020 at 12:22:02PM +0100, no@s...@mgedv.net wrote:
>depends what you want to achieve, but my recommendation is booting from USB
>and mount encrypted root from the HDD.
>you can safely remove the usb key after root mount and all your configs/etc
>files are used from the encrypted
On Thu, Feb 13, 2020 at 01:31:43PM +0100, no@s...@mgedv.net wrote:
depends what you want to achieve, but my recommendation is booting from USB
and mount encrypted root from the HDD.
you can safely remove the usb key after root mount and all your configs/etc
files are used from the encrypted stora
On Mon, Feb 03, 2020 at 10:46:03AM +0100, Janne Johansson wrote:
The attacker would thereby be able to find your IP
address.
By the time your opponent is running code on your server, this piece of
information is probably the least interesting part of the whole puzzle.
Not at all. For people
On Sun, Feb 02, 2020 at 09:24:20PM +, Arthur Wayside wrote:
Hello.
Say I run a webapp inside a chroot and someone manages to hack it and gain
shell access. Can I then somehow hide my server's IP from the likes of ifconfig?
If you want to hide your public IP from a particular application
On Sat, Jan 25, 2020 at 07:26:35PM -0500, Chris Bennett wrote:
Try this. Put OpenBSD on a USB stick. Then try to get ANYONE to boot it
on their laptop/desktop. I gave up after about 25 tries over the years.
Next, try this. Give away a few laptops with OpenBSD already installed
for free. Check ba
On Fri, Jan 10, 2020 at 07:23:26PM -0500, gwes wrote:
On 1/9/20 10:58 PM, Joseph Mayer wrote:
Maybe this topic is better suited for tech@, you tell:
Is there some way I can implement PCI drivers in userland in OpenBSD?
Is there any reason not to write a conventional device driver and
build an
On Wed, Jan 01, 2020 at 03:30:44PM +0100, Marc Chantreux wrote:
why is this ? return is the perl yield. the only difference is that the
"exhausted" situation is on your own. so basically:
def count_from(x):
    while True:
        yield x
        x = x + 1
naturals = count_from(0
On Wed, Jan 01, 2020 at 10:29:53AM +, e...@isdaq.com wrote:
But I don't want deeper point to get missed -- which is that if eecd
doesn't like the idea of regulating what the programmer can do, then the
programmer has to have the skills to safely write unsafe code.
no you're belying the poin
eecd
doesn't like the idea of regulating what the programmer can do, then the
programmer has to have the skills to safely write unsafe code.
On Tue, Dec 31, 2019 at 23:50 Frank Beuth wrote:
On Wed, Jan 01, 2020 at 04:00:37AM +, e...@isdaq.com wrote:
>rather than the programmer bein
On Wed, Jan 01, 2020 at 04:00:37AM +, e...@isdaq.com wrote:
rather than the programmer being responsible for writing unsafe
code we need to regulate what the programmer can do just like we need to
regulate what the community can say, do, see, and think.
where do I sign up for OpenBSD write
On Sat, Dec 14, 2019 at 11:39:57AM +0100, Claus Assmann wrote:
On Sat, Dec 14, 2019, Frank Beuth wrote:
OpenBSD doesn't have unit tests (or if they are, they're not in the main
Hmm, what about src/regress/ ?
Ah, that's what I was looking for. Not sure how I missed that.
On Wed, Dec 11, 2019 at 01:51:18PM -0500, T.J. Townsend wrote:
Errata patches for ld.so have been released for OpenBSD 6.5 and 6.6.
ld.so may fail to remove the LD_LIBRARY_PATH environment variable for
set-user-ID and set-group-ID executables in low memory conditions.
The security advisory con
On Sun, Nov 03, 2019 at 11:12:48AM +, Andrew Luke Nesbit wrote:
On 03/11/2019 10:55, Frank Beuth wrote:
Not sure about the original poster but I would be interested in
any end-to-end encrypted video/audio/chat programs that are
available.
Have a look at Tox. It might work out for you on
On Sun, Nov 03, 2019 at 04:51:48PM +1000, Stuart Longland wrote:
Do you need any video conferencing software (i.e. the group running the
online class is willing to switch to whatever you can get working?), or
do you specifically need Skype?
Not sure about the original poster but I would be inte
On Sat, Oct 26, 2019 at 02:53:42PM +0800, Jyri Hovila [Turvamies.fi] wrote:
Maybe OpenBSD could profile itself as *the* OS with all crypto related stuff is
handled using post-quantum cryptography?
I don't think OpenBSD wants to "profile itself" as anything.
Are post-quantum algorithms well re
On Fri, Oct 18, 2019 at 01:20:33PM +0100, cho...@jtan.com wrote:
Frank Beuth writes:
On Fri, Oct 18, 2019 at 11:54:18AM +0100, cho...@jtan.com wrote:
>Virtualisation is not a panacea. I have managed to achieve data loss through
destructive actions taken within a "safe" virtua
On Fri, Oct 18, 2019 at 03:12:37PM +0100, cho...@jtan.com wrote:
Alternatively is there something that would make vi do it on the fly, or
something akin to emacs' C-q or vim's gq. Although I appreciate the fact
that vi doesn't try to be clever.
1) select all text in visual mode (e.g with V, the
On Fri, Oct 18, 2019 at 11:54:18AM +0100, cho...@jtan.com wrote:
Virtualisation is not a panacea. I have managed to achieve data loss through destructive
actions taken within a "safe" virtualised sandbox.
How did you manage that feat?
If the only thing that can demonstrate what a piece of c
On Sun, Jul 21, 2019 at 10:37:40AM -0600, Theo de Raadt wrote:
I'm mentioning this to highlight the false pattern of
believing "democracy is a required component" in a world where people
forget the most dominant models in all industries are a mix of
fascism, monarchies, or well ... plutocracy.
A
https://www.muckrock.com/foi/united-states-of-america-10/foia-fbi-openbsd-70084/
Earlier this year I FOIAed the FBI for details on allegations of backdoor installed
in the IPSEC stack in 2010, originally discussed by OpenBSD devs
(https://marc.info/?l=openbsd-tech&m=129236621626462 …) Today, I
git init a folder, keep your notes as plain text files in that folder, and use
standard git commands to sync changes everywhere?
On Fri, Jun 28, 2019 at 01:58:34PM -0400, Christopher Turkel wrote:
Is there a how to about to use git for this? It sounds awesome.
On Friday, June 28, 2019, Chris H
On Mon, Jun 24, 2019 at 10:59:44AM +0200, David Sastre wrote:
I would not consider ansible as the right tool to provision a system
from scratch (as in PXE booting, etc...).
Ansible is better used on a system you can connect to using SSH and
perform actions as required, with or without doas, as yo
On Mon, Jun 24, 2019 at 11:43:36AM +0300, Gregory Edigarov wrote:
I don't want to re-open the hostilities, but installing OpenBSD via
Ansible is very relevant to my interests. Previously discussed on
this list was a very roundabout approach using Qemu -- is there a
better way now?
it's all ea
On Sun, Jun 23, 2019 at 10:49:22AM +0300, cho...@jtan.com wrote:
Frank Beuth writes:
You go ahead and continue to trust your VPS without taking any care to
consider where your software comes from.
It's choices like that which make "hardening" even be a thing. Have you
c
On Sat, Jun 22, 2019 at 03:06:30AM +0100, Andrew Luke Nesbit wrote:
On 21/06/2019 19:02, Frank Beuth wrote:
I don't want to re-open the hostilities, but installing OpenBSD via
Ansible is very relevant to my interests.
I feel exactly the same way and am surprised that Ansible c
On Sat, Jun 22, 2019 at 10:29:22PM +0300, cho...@jtan.com wrote:
Ansible is not the correct tool for this job; it can only configure and
maintain an _extant_ system.
None of the recent plethora of configuration management tools have
considered the scenario *before* an operating system has been
On Sat, Jun 22, 2019 at 10:28:53AM -0700, Lyndon Nerenberg wrote:
We are looking forward to that. *However*, there is a lot to be
said for regularly re-installing your hosts from scratch. This
ensures your installer scripts don't rot as host system "features"
accrete over time. This is prone
On Sat, Jun 22, 2019 at 04:41:47AM +0100, Andrew Luke Nesbit wrote:
On 21/06/2019 19:02, Frank Beuth wrote:
I don't want to re-open the hostilities, but installing OpenBSD via
Ansible is very relevant to my interests.
I feel exactly the same way and am surprised that Ansible c
On Fri, Jun 21, 2019 at 01:20:44PM -0700, Misc User wrote:
You could stick bsd.rd onto a bootable partition then point grub to it.
You could also disable password login for root and just use a key pair.
That way you wouldn't be sending the password encrypted (or at most only
giving it a password
On Fri, Jun 21, 2019 at 12:36:22PM -0700, Misc User wrote:
I use PXE + install.conf + siteXX.tgz + siteXX-%hostname%.tgz for my
installs. I also have an rc.firsttime to download and install the
required packages.
Thanks, but neither this nor the autoinstall suggestion seem applicable for my
u
On Wed, Jun 19, 2019 at 11:29:32PM +0200, Maxim Bourmistrov wrote:
Installing via NOT RECOMMENDED WAY(following upgrade65.html) - scripting on
steroids (ansible).
I don't want to re-open the hostilities, but installing OpenBSD via Ansible is
very relevant to my interests. Previously discussed
On Mon, Feb 25, 2019 at 12:31:42PM -, Stuart Henderson wrote:
I've not done much with ssh tun forwarding, but I have previously had
to run openvpn over TCP and didn't find that it really got in the
way in practice, even with connections over wifi. It would depend
on connection characteristics
On Sun, Feb 24, 2019 at 03:12:31PM +, Stuart Henderson wrote:
Basically I'm trying to say, if you wanted to do it the other way round
(pass by default, block certain traffic) you wouldn't be able to block
everything.
If you're trying to stop all possible paths something on the system
might u
On Sun, Feb 24, 2019 at 09:56:12AM -, Stuart Henderson wrote:
PF 'user' should do the trick. Note: it only works for TCP/UDP but for
this you should be able to do something like
block all
pass inet proto tcp to 192.0.2.1 port 22 user sshtunnel
Thanks. You say "only works for TCP/UDP", what
On Sun, Feb 24, 2019 at 09:09:06AM +0100, Denis Fondras wrote:
On Sun, Feb 24, 2019 at 01:43:08PM +0700, Frank Beuth wrote:
Is it possible to restrict network access on a per-user or per-application
(rather than per-port) basis?
pf does not seem to have any capability to do this, maybe I
Is it possible to restrict network access on a per-user or per-application
(rather than per-port) basis?
pf does not seem to have any capability to do this, maybe I missed something.
On Wed, Feb 20, 2019 at 09:16:04PM -0500, James Huddle wrote:
Personally, I envision a sort of "open source BIOS"
library in the distant future. Something we jack in on jtag
if we have to. There is no harm in *starting.* Meanwhile,
my super productive Dell laptop can't keep me from wondering
w
On Thu, Feb 14, 2019 at 04:22:05AM +, Paul Swanson wrote:
I have some general areas of interest, such as embedded
computing, but nothing is set in stone yet, so I thought it'd
be fun to hear from those in know about areas of priority need
within the OpenBSD community.
Are there particular pr
On Sat, Jan 19, 2019 at 04:21:50PM +0200, Mihai Popescu wrote:
Why not an AMD Opteron A1100 based board?
Because I haven't looked into it yet.
This all started because I'm on vacation in a major electronics hub and saw a
Raspberry Pi at a local mall, thought it would be a fun project and
wan
On Fri, Jan 18, 2019 at 08:19:29PM +, Stuart Henderson wrote:
On 2019-01-18, Frank Beuth wrote:
(misc got dropped?)
Yes, your mail was off-list so I replied off-list.
Ah, ok. Mea culpa, must have hit the wrong key.
On Fri, Jan 18, 2019 at 07:02:11AM +, Michael Joy wrote:
I'd be more than willing to a Pinebook for testing. I wanted one anyway.
If I end up buying one, I'll buy one for you too :)
(misc got dropped?)
On Thu, Jan 17, 2019 at 04:28:05PM +, Stuart Henderson wrote:
> I'll take a look at that. Why would you prefer the PINE64 over the RBP?
Partly due to the improved storage/connectivity options (especially on
rockpro64) but largely because there seems a bit more developer
(misc got dropped?)
On Thu, Jan 17, 2019 at 04:28:05PM +, Stuart Henderson wrote:
I'll take a look at that. Why would you prefer the PINE64 over the RBP?
Partly due to the improved storage/connectivity options (especially on
rockpro64) but largely because there seems a bit more developer i
(resending as 1st message didn't go through?)
Has OpenBSD's support for Raspberry Pi devices improved much with 6.4? All the
documentation I can find online regarding this platform and OpenBSD refers to
6.3, and suggest that the Raspberry Pi support is very limited (no packages?).
The changelog
On Wed, Dec 19, 2018 at 07:24:12AM -0800, andrew fabbro wrote:
Virtually all of the better KVM hosts offer an OpenBSD ISO, and in my
experience, 100% will add it to their library if you request it.
I did a quick survey, and found that of the providers I currently work with who
offer OpenBSD IS
On Wed, Dec 19, 2018 at 07:24:12AM -0800, andrew fabbro wrote:
Virtually all of the better KVM hosts offer an OpenBSD ISO, and in my
experience, 100% will add it to their library if you request it.
That's an excellent idea, especially from the perspective of making OpenBSD
adoption easier for
62 matches